Bug 560113

Summary: SELinux is preventing firefox (mozilla_t) "create" user_home_dir_t.
Product: [Fedora] Fedora Reporter: Iván Jiménez <icj>
Component: selinux-policyAssignee: Daniel Walsh <dwalsh>
Status: CLOSED DUPLICATE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: low    
Version: 12CC: dwalsh, mgrepl
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard: setroubleshoot_trace_hash:019b27b086b2f6bf2990c7792eff8b05c5acefd9cb4286e7d826c817b3a3a67c
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2010-02-01 09:28:41 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Iván Jiménez 2010-01-29 21:35:02 UTC 
Resúmen:

SELinux is preventing firefox (mozilla_t) "create" user_home_dir_t.

Descripción Detallada:

SELinux denied access requested by firefox. It is not expected that this access
is required by firefox and this access may signal an intrusion attempt. It is
also possible that the specific version or configuration of the application is
causing it to require additional access.

Permitiendo Acceso:

You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.

Información Adicional:

Contexto Fuente               xguest_u:xguest_r:mozilla_t:s0
Contexto Destino              xguest_u:object_r:user_home_dir_t:s0
Objetos Destino               etilqs_ins3YZzaPBnXv9Q [ file ]
Fuente                        firefox
Dirección de Fuente          /usr/lib64/firefox-3.5/firefox
Puerto                        <Desconocido>
Nombre de Equipo              (removed)
Paquetes RPM Fuentes          firefox-3.5-1.fc11
Paquetes RPM Destinos         
RPM de Políticas             selinux-policy-3.6.12-62.fc11
SELinux Activado              True
Tipo de Política             targeted
Modo Obediente                Enforcing
Nombre de Plugin              catchall
Nombre de Equipo              (removed)
Plataforma                    Linux (removed) 2.6.29.5-191.fc11.x86_64 #1
                              SMP Tue Jun 16 23:23:21 EDT 2009 x86_64 x86_64
Cantidad de Alertas           1
Visto por Primera Vez         jue 16 jul 2009 11:12:24 COT
Visto por Última Vez         jue 16 jul 2009 11:12:24 COT
ID Local                      eb0f72ae-fc62-4f8b-beb4-70b954780175
Números de Línea            

Mensajes de Auditoría Crudos 

node=(removed) type=AVC msg=audit(1247760744.5:529): avc:  denied  { create } for  pid=4082 comm="firefox" name="etilqs_ins3YZzaPBnXv9Q" scontext=xguest_u:xguest_r:mozilla_t:s0 tcontext=xguest_u:object_r:user_home_dir_t:s0 tclass=file

node=(removed) type=SYSCALL msg=audit(1247760744.5:529): arch=c000003e syscall=2 success=no exit=-13 a0=7fff4c5f1060 a1=200c2 a2=180 a3=0 items=0 ppid=4067 pid=4082 auid=507 uid=507 gid=507 euid=507 suid=507 fsuid=507 egid=507 sgid=507 fsgid=507 tty=(none) ses=3 comm="firefox" exe="/usr/lib64/firefox-3.5/firefox" subj=xguest_u:xguest_r:mozilla_t:s0 key=(null)



Hash String generated from  selinux-policy-3.6.12-62.fc11,catchall,firefox,mozilla_t,user_home_dir_t,file,create
audit2allow suggests:

#============= mozilla_t ==============
allow mozilla_t user_home_dir_t:file create;
Comment 1 Miroslav Grepl 2010-02-01 09:28:41 UTC 

*** This bug has been marked as a duplicate of bug 538428 ***